Chapter 8
COSO cube
Control environment
- Tone of organisation
- The board's attitude, participation and operating style
Risk assessment
- Consider the likelihood and impact as basis for risk management
- Qualitative and quantitative risk assessment methodologies.
Information and communication
- Clear, concise and understood by employees
Monitoring activities
- Regular review and periodic review
Audit Committee
Advantages
- Improve quality of financial reporting
- Reduce the opportunity for fraud
- Enable NEDs to contribute independent judgement
- Strengthen position of external auditor
- Provide framework for external auditor
- Strengthen position of internal audit
- Increase public confidence
Disadvantages
- Effectiveness of audit committee is unclear
- May act as a drag on the drive
- Barrier between external auditors and the Board
- Less effective if it falls under influence of a dominant board member
Audit committee members
- All members should be NEDs
- At least one member has recent and relevant financial experience
Responsibilities
- Monitoring and reviewing
- Overseeing
- Policy setting
Definition
- Process effected by an entity's BoD, management and other personnel to provide reasonable assurance
Objectives (RORCS)
- Managing risks
- Maintaining effectiveness and efficiency of operations
- Ensure reliability of internal and external reporting
- Compliance with laws and regulations
- Safeguarding shareholders' investments
Inherent limitations
- Costs > Benefits
- Poor judgement in decision making
- Human error or fraud
- Collusion between employees
- Controls bypassed / overridden
- Controls only being designed to cope with routine transactions
- Unable to cope with unforeseen circumstances
- Depending on method of data processing
- Controls are not updated over time
Control Procedures
APIPS
- Authorisation
- Performance review
- Information processing
- Physical controls
- Segregation of duties
Information
Types
- External information
- Non-financial information
- Financial information
Levels of information
- Strategic information (top management)
- Tactical information (middle management)
- Operational information
Qualities of good information
- Accurate
- Complete
- Cost-beneficial
- User-targeted
- Relevant
- Authoritative
- Timely
- Easy to use
Internal Audit
Role of internal audit
- The same as the objectives of internal control system
Assessing the quality of internal audit
- Scope of work
- Authority
- Independence
- Resources
Assessing the ongoing need for internal audit
- Company size and complexity
- Unexpected risk events
- Cost vs benefit analysis
Advantages of IC frameworks
- Alignment of risk appetite and strategy
- Link growth, risk and return
- Choose best risk response
- Minimise surprises and losses
- Identify and manage risk across the org
- Provide responses to multiple risks
- Seize opportunities
- Rationalise capital
Disadvantages of IC frameworks
- Internal focus
- Prioritises sudden events rather than gradual risks
- Makes the process too simplistic and thus too easy
- Stakeholders' involvement tends to get ignored